Configure and update System Center Endpoint Protection clients

Important

This step is required only if your organization uses System Center Endpoint Protection (SCEP).

Microsoft Defender ATP integrates with System Center Endpoint Protection to provide visibility to malware detections and to stop propagation of an attack in your organization by banning potentially malicious files or suspected malware.

If you're using a proxy to connect to the Internet see the Configure proxy settings section.

Once completed, you should see onboarded endpoints in the portal within an hour.

Configure proxy and Internet connectivity settings

Each Windows endpoint must be able to connect to the Internet using HTTPS. This connection can be direct, using a proxy, or through the OMS Gateway.

If a proxy or firewall is blocking all traffic by default and allowing only specific domains through or HTTPS scanning (SSL inspection) is enabled, make sure that the following URLs are white-listed to permit communication with Microsoft Defender ATP service:

Agent Resource

Ports

*.oms.opinsights.azure.com

443

*.blob.core.windows.net

443

*.azure-automation.net

443

*.ods.opinsights.azure.com

443

winatp-gw-cus.microsoft.com

443

winatp-gw-eus.microsoft.com

443

winatp-gw-neu.microsoft.com

443

winatp-gw-weu.microsoft.com

443

winatp-gw-uks.microsoft.com

443

winatp-gw-ukw.microsoft.com

443

Offboard client endpoints

To offboard, you can uninstall the MMA agent from the endpoint or detach it from reporting to your Microsoft Defender ATP workspace. After offboarding the agent, the endpoint will no longer send sensor data to Microsoft Defender ATP.